49 lines
6.1 KiB
Markdown
49 lines
6.1 KiB
Markdown
---
|
|
title: Configuring larger runners for default setup
|
|
shortTitle: Configure larger runners
|
|
intro: 'You can run {% data variables.product.prodname_code_scanning %} default setup more quickly on bigger codebases using {% data variables.actions.hosted_runners %}.'
|
|
product: '{% data reusables.actions.larger-runner-permissions %}'
|
|
versions:
|
|
feature: default-setup-larger-runners
|
|
topics:
|
|
- Code scanning
|
|
- CodeQL
|
|
- Actions
|
|
---
|
|
|
|
{% data reusables.code-scanning.beta-larger-runners-support %}
|
|
|
|
## About {% data variables.actions.hosted_runners %} for default setup
|
|
|
|
{% data reusables.actions.about-larger-runners %} For more information about {% data variables.actions.hosted_runners %}, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners).
|
|
|
|
Consider configuring {% data variables.actions.hosted_runners %} for default setup if:
|
|
* Your scans with standard {% data variables.product.prodname_dotcom %}-hosted runners are taking too long.
|
|
* Your scans with standard {% data variables.product.prodname_dotcom %}-hosted runners are returning memory or disk errors.
|
|
* You want to customize aspects of your {% data variables.product.prodname_code_scanning %} runner like the runner size, runner image, and job concurrency without using self-hosted runners.
|
|
|
|
> [!WARNING]
|
|
> Currently, Swift analysis is not available on {% data variables.actions.hosted_runners %} for default setup. Additionally, if your repository has access to a runner with the `code-scanning` label, such as a {% data variables.actions.hosted_runner %} provisioned for default setup, default setup workflows will _only_ use runners labeled `code-scanning`. If you would like to configure default setup on {% data variables.actions.hosted_runners %} _and_ analyze Swift, you have two options:
|
|
> * Provision a self-hosted macOS runner with the `code-scanning` label in addition to your {% data variables.actions.hosted_runner %}. For more information, see {% ifversion ghec %}[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance).{% else %}[AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners#adding-a-self-hosted-runner-to-a-repository).{% endif %}
|
|
> * Ensure any repositories containing Swift _do not_ have access to runners with the label `code-scanning`. Default setup workflows for that repository will only use standard runners.
|
|
|
|
{% ifversion ghec %}
|
|
|
|
## Provisioning enterprise-level {% data variables.actions.hosted_runners %} for default setup
|
|
|
|
1. Add a {% data variables.actions.hosted_runner %} to your enterprise. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-enterprise).
|
|
* To add the `code-scanning` label to your {% data variables.actions.hosted_runner %}, name the runner `code-scanning`. An enterprise can only have one {% data variables.actions.hosted_runner %} named `code-scanning`, and that runner will handle all {% data variables.product.prodname_code_scanning %} jobs for all organizations and repositories within your enterprise that:
|
|
* _Have access_ to the enterprise-level runner, and
|
|
* _Don't have access_ to an organization-level {% data variables.actions.hosted_runner %} named `code-scanning`. If an organization or repository also has access to an organization-level {% data variables.actions.hosted_runner %} named `code-scanning`, each {% data variables.product.prodname_code_scanning %} job will be randomly assigned to either the organization-level or enterprise-level runner.
|
|
{% data reusables.actions.org-access-to-github-hosted-runners %}
|
|
1. To analyze repositories with default setup, grant the desired repositories access to the runner group your {% data variables.actions.hosted_runner %} is assigned to. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#allowing-repositories-to-access-larger-runners).
|
|
1. You can now configure default setup for your enterprise, organizations, and repositories, and your {% data variables.actions.hosted_runner %} will automatically pick up {% data variables.product.prodname_code_scanning %} jobs as previously specified. For more information on configuring default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
|
|
{% endif %}
|
|
|
|
## Provisioning organization-level {% data variables.actions.hosted_runners %} for default setup
|
|
|
|
1. Add a {% data variables.actions.hosted_runner %} to your organization. See [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#adding-a-larger-runner-to-an-organization).
|
|
* To add a custom label to your {% data variables.actions.hosted_runner %}, give the runner a name that matches that label. You can use this custom label when you configure default setup with {% data variables.actions.hosted_runners %}. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).
|
|
1. By default, all repositories in your organization have access to organization-level runners, meaning every repository can use your {% data variables.actions.hosted_runner %}. For information on granting only select repositories access to a {% data variables.actions.hosted_runner %}, see [AUTOTITLE](/actions/using-github-hosted-runners/about-larger-runners/managing-larger-runners#allowing-repositories-to-access-larger-runners).
|
|
1. You can now configure default setup for your organization and repositories, and your {% data variables.actions.hosted_runner %} will automatically pick up {% data variables.product.prodname_code_scanning %} jobs. For more information on configuring default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
|